-rw-r--r-- | Documentation/networking/ip-sysctl.txt | 10 | ||||
-rw-r--r-- | include/net/sctp/constants.h | 7 | ||||
-rw-r--r-- | include/net/sctp/structs.h | 10 | ||||
-rw-r--r-- | net/sctp/bind_addr.c | 21 | ||||
-rw-r--r-- | net/sctp/protocol.c | 11 | ||||
-rw-r--r-- | net/sctp/sysctl.c | 12 |
6 files changed, 65 insertions, 6 deletions
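--- a/Documentation/networking/ip-sysctl.txt
+++ b/Documentation/networking/ip-sysctl.txt
@@ -1297,6 +1297,16 @@ sctp_rmem - vector of 3 INTEGERs: min, default, max
 sctp_wmem - vector of 3 INTEGERs: min, default, max
 See tcp_wmem for a description.
 
+addr_scope_policy - INTEGER
+Control IPv4 address scoping - draft-stewart-tsvwg-sctp-ipv4-00
+
+0 - Disable IPv4 address scoping
+1 - Enable IPv4 address scoping
+2 - Follow draft but allow IPv4 private addresses
+3 - Follow draft but allow IPv4 link local addresses
+
+Default: 1
+
 
 /proc/sys/net/core/*
 dev_weight - INTEGER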
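--- a/include/net/sctp/constants.h
+++ b/include/net/sctp/constants.h
@@ -363,6 +363,13 @@ typedef enum {
 SCTP_SCOPE_UNUSABLE, /* IPv4 unusable addresses */
 } sctp_scope_t;
 
+typedef enum {
+SCTP_SCOPE_POLICY_DISABLE, /* Disable IPv4 address scoping */
+SCTP_SCOPE_POLICY_ENABLE, /* Enable IPv4 address scoping */
+SCTP_SCOPE_POLICY_PRIVATE, /* Follow draft but allow IPv4 private addresses */
+SCTP_SCOPE_POLICY_LINK, /* Follow draft but allow IPv4 link local addresses */
+} sctp_scope_policy_t;
+
 /* Based on IPv4 scoping <draft-stewart-tsvwg-sctp-ipv4-00.txt>,
 * SCTP IPv4 unusable addresses: 0.0.0.0/8, 224.0.0.0/4, 198.18.0.0/24,
 * 192.88.99.0/24.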
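--- a/include/net/sctp/structs.h
+++ b/include/net/sctp/structs.h
@@ -219,6 +219,15 @@ extern struct sctp_globals {
 /* Flag to idicate if SCTP-AUTH is enabled */
 int auth_enable;
 
+/*
+* Policy to control SCTP IPv4 address scoping
+* 0 - Disable IPv4 address scoping
+* 1 - Enable IPv4 address scoping
+* 2 - Selectively allow only IPv4 private addresses
+* 3 - Selectively allow only IPv4 link local address
+*/
+int ipv4_scope_policy;
+
 /* Flag to indicate whether computing and verifying checksum
 * is disabled. */
 int checksum_disable;
@@ -252,6 +261,7 @@ extern struct sctp_globals {
 #define sctp_port_hashtable (sctp_globals.port_hashtable)
 #define sctp_local_addr_list (sctp_globals.local_addr_list)
 #define sctp_local_addr_lock (sctp_globals.addr_list_lock)
+#define sctp_scope_policy (sctp_globals.ipv4_scope_policy)
 #define sctp_addip_enable (sctp_globals.addip_enable)
 #define sctp_addip_noauth (sctp_globals.addip_noauth_enable)
 #define sctp_prsctp_enable (sctp_globals.prsctp_enable)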
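Review bot: The comment added above `ipv4_scope_policy` describes values 2 and 3 as "Selectively allow only IPv4 private addresses" and "only IPv4 link local address", which reads as a restriction. The sysctl documentation and the enum comments in this same commit say "Follow draft but allow ...", i.e. a widening on top of the normal scope rule. Going by the INIT/INIT-ACK comment in net/sctp/bind_addr.c, this value influences which addresses are listed to a peer, so the wording should not understate what gets exposed: `* 2 - Follow draft but allow IPv4 private addresses` and `* 3 - Follow draft but allow IPv4 link local addresses`. The struct definition begins and ends outside the hunk.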
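--- a/net/sctp/bind_addr.c
+++ b/net/sctp/bind_addr.c
@@ -510,9 +510,28 @@ int sctp_in_scope(const union sctp_addr *addr, sctp_scope_t scope)
 * of requested destination address, sender and receiver
 * SHOULD include all of its addresses with level greater
 * than or equal to L.
+*
+* Address scoping can be selectively controlled via sysctl
+* option
 */
-if (addr_scope <= scope)
+switch (sctp_scope_policy) {
+case SCTP_SCOPE_POLICY_DISABLE:
 return 1;
+case SCTP_SCOPE_POLICY_ENABLE:
+if (addr_scope <= scope)
+return 1;
+break;
+case SCTP_SCOPE_POLICY_PRIVATE:
+if (addr_scope <= scope || SCTP_SCOPE_PRIVATE == addr_scope)
+return 1;
+break;
+case SCTP_SCOPE_POLICY_LINK:
+if (addr_scope <= scope || SCTP_SCOPE_LINK == addr_scope)
+return 1;
+break;
+default:
+break;
+}
 
 return 0;
 }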
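Review bot: The new `switch (sctp_scope_policy)` in sctp_in_scope() applies to whatever `union sctp_addr` is passed in, with no check of the address family, although the sysctl is documented as controlling IPv4 scoping only. If this function is also reached for IPv6 addresses (the callers are not visible here), `SCTP_SCOPE_POLICY_DISABLE` and `SCTP_SCOPE_POLICY_LINK` would put narrower-scope IPv6 addresses into the INIT/INIT-ACK address list as well, exposing more of the host's addressing than the administrator asked for. Either keep the original test for other families ahead of the switch, e.g. `if (addr->sa.sa_family != AF_INET) return addr_scope <= scope;` (assuming the union's generic `sa` member), or document that the policy is family-independent. `case SCTP_SCOPE_POLICY_DISABLE: return 1;` also accepts every scope value, so it depends on whatever filtering of unusable addresses precedes the hunk; the function starts outside it.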
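--- a/net/sctp/protocol.c
+++ b/net/sctp/protocol.c
@@ -431,16 +431,14 @@ static int sctp_v4_available(union sctp_addr *addr, struct sctp_sock *sp)
 * of requested destination address, sender and receiver
 * SHOULD include all of its addresses with level greater
 * than or equal to L.
+*
+* IPv4 scoping can be controlled through sysctl option
+* net.sctp.addr_scope_policy
 */
 static sctp_scope_t sctp_v4_scope(union sctp_addr *addr)
 {
 sctp_scope_t retval;
 
-/* Should IPv4 scoping be a sysctl configurable option
-* so users can turn it off (default on) for certain
-* unconventional networking environments?
-*/
-
 /* Check for unusable SCTP addresses. */
 if (IS_IPV4_UNUSABLE_ADDRESS(addr->v4.sin_addr.s_addr)) {
 retval = SCTP_SCOPE_UNUSABLE;
@@ -1259,6 +1257,9 @@ SCTP_STATIC __init int sctp_init(void)
 /* Disable AUTH by default. */
 sctp_auth_enable = 0;
 
+/* Set SCOPE policy to enabled */
+sctp_scope_policy = SCTP_SCOPE_POLICY_ENABLE;
+
 sctp_sysctl_register();
 
 INIT_LIST_HEAD(&sctp_address_families);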
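Review bot: The sentence added to the comment above sctp_v4_scope() says IPv4 scoping is controlled by net.sctp.addr_scope_policy, but nothing in this file section changes how sctp_v4_scope() classifies an address. The policy is consulted in sctp_in_scope() in net/sctp/bind_addr.c. Someone auditing which addresses can be exposed to a peer may look for the check here, so the comment should point to where it is enforced, e.g. `* The scope returned here is filtered by sctp_in_scope() according to net.sctp.addr_scope_policy`. The body of sctp_v4_scope() continues outside the hunk.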
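--- a/net/sctp/sysctl.c
+++ b/net/sctp/sysctl.c
@@ -51,6 +51,7 @@ static int timer_max = 86400000; /* ms in one day */
 static int int_max = INT_MAX;
 static int sack_timer_min = 1;
 static int sack_timer_max = 500;
+static int addr_scope_max = 3; /* check sctp_scope_policy_t in include/net/sctp/constants.h for max entries */
 
 extern int sysctl_sctp_mem[3];
 extern int sysctl_sctp_rmem[3];
@@ -272,6 +273,17 @@ static ctl_table sctp_table[] = {
 .proc_handler = proc_dointvec,
 .strategy = sysctl_intvec
 },
+{
+.ctl_name = CTL_UNNUMBERED,
+.procname = "addr_scope_policy",
+.data = &sctp_scope_policy,
+.maxlen = sizeof(int),
+.mode = 0644,
+.proc_handler = &proc_dointvec_minmax,
+.strategy = &sysctl_intvec,
+.extra1 = &zero,
+.extra2 = &addr_scope_max,
+},
 { .ctl_name = 0 }
 };
 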
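Review bot: `addr_scope_max = 3` repeats the last value of `sctp_scope_policy_t` as a literal, and the only link between the two is a comment. This bound is what keeps out-of-range values from reaching the `switch` in sctp_in_scope(), so the accepted range and the enum can drift apart unnoticed when a policy is added or removed. Tie the bound to the enum instead, `static int addr_scope_max = SCTP_SCOPE_POLICY_LINK;`, or add a `SCTP_SCOPE_POLICY_MAX = SCTP_SCOPE_POLICY_LINK` enumerator and use that. This assumes constants.h is already reachable from sysctl.c's includes, which are not shown here.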